On Thursday, the United States, Britain, and South Korea issued a joint advisory revealing that North Korean hackers have launched a global cyber espionage campaign aimed at stealing classified military secrets to advance Pyongyang’s prohibited nuclear weapons program. The hackers, known as Andariel or APT45, are believed to be affiliated with North Korea’s Reconnaissance General Bureau, which has been sanctioned by the U.S. since 2015.
The advisory reports that this cyber unit has breached or targeted a wide range of defense and engineering companies, including those involved in the production of tanks, submarines, naval vessels, fighter jets, and missile and radar systems. In the U.S., victims have included NASA, Randolph Air Force Base in Texas, Robins Air Force Base in Georgia, the FBI, and the Justice Department.
In February 2022, the hackers reportedly used malware to access NASA’s systems for three months, extracting over 17 gigabytes of unclassified data. “The authoring agencies believe this group and their cyber techniques pose an ongoing threat to various industry sectors worldwide, including entities in their own countries, as well as in Japan and India,” the advisory stated.
North Korea, officially known as the Democratic People’s Republic of Korea (DPRK), has a history of using covert hacking teams to gather sensitive military information. To finance their operations, the hackers have also targeted U.S. hospitals and healthcare companies with ransomware attacks.
On Thursday, the U.S. Justice Department charged Rim Jong Hyok with conspiring to access computer networks in the U.S. and money laundering. One of the ransomware incidents linked to Rim involved a May 2021 attack on a Kansas-based hospital, which paid a ransom in bitcoin. The funds were transferred to a Chinese bank and withdrawn from an ATM in Dandong, China, near the border with North Korea, according to the indictment.
The FBI is offering a reward of up to $10 million for information leading to the arrest of Rim, who is believed to be in North Korea. The FBI and Justice Department have also seized some of the hackers’ online accounts, including $600,000 in virtual currency that will be returned to ransomware victims.
Paul Chichester from Britain’s National Cyber Security Centre, part of GCHQ, commented, “The global cyber espionage operation we have uncovered today illustrates the extreme measures DPRK state-sponsored actors are prepared to take to further their military and nuclear ambitions.”
In August of the previous year, Reuters reported that a specialized North Korean hacking group had successfully infiltrated the systems of NPO Mashinostroyeniya, a rocket design bureau near Moscow. Similar to that breach, APT45 employed phishing techniques and computer exploits to gain access to their targets’ internal systems, the advisory noted.